The groupdn keyword requires one or more valid distinguished names in the
following format:
groupdn="ldap:///dn [|| ldap:///dn]...[|| ldap:///dn]"
The bind rule is evaluated to be true if the bind DN belongs to the named group.
NOTE
If a DN contains a comma, the comma must be escaped by a backslash (\).
From the Server Console, you can define specific groups using the Access Control
Editor. For more information, see "Creating ACIs From the Console," on page 229.
Examples
This section contains examples of the groupdn syntax.
Groupdn keyword containing an LDAP URL:
groupdn = "ldap:///cn=Administrators,dc=example,dc=com";
The bind rule is evaluated to be true if the bind DN belongs to the Administrators
group. If you wanted to grant the Administrators group permission to write to the
entire directory tree, you would create the following ACI on the
dc=example,dc=com node:
aci: (version 3.0; acl "Administrators-write"; allow (write)
groupdn="ldap:///cn=Administrators,dc=example,dc=com";)
Groupdn keyword containing logical OR of LDAP URLs:
groupdn = "ldap:///cn=Administrators,dc=example,dc=com" ||
"ldap:///cn=Mail Administrators,dc=example,dc=com";
The bind rule is evaluated to be true if the bind DN belongs to either the
Administrators or the Mail Administrators group.
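The following Python code is an added example, not part of the original manual or of the server's own implementation. It parses a groupdn bind rule in either form shown above and evaluates it for a bind DN. The sample membership data and the function names are constructed for illustration, and it assumes static member lists and case-insensitive DN comparison.

```python
import re

# Constructed sample data (not from the manual): group DN -> member DNs.
GROUPS = {
    "cn=Administrators,dc=example,dc=com":
        ["uid=alice,ou=People,dc=example,dc=com"],
    "cn=Mail Administrators,dc=example,dc=com":
        ["uid=bob,ou=People,dc=example,dc=com"],
}

def split_rdns(dn):
    # Split only on commas that are not escaped by a backslash,
    # so an escaped comma stays inside its RDN value.
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]

def normalize(dn):
    # Assumption: DNs compare case-insensitively, ignoring spaces after commas.
    return ",".join(split_rdns(dn)).lower()

def group_dns(rule):
    # Accepts groupdn="ldap:///dn || ldap:///dn" as well as
    # groupdn = "ldap:///dn" || "ldap:///dn"; and returns the group DNs.
    m = re.fullmatch(r"\s*groupdn\s*=\s*(.*?)\s*;?\s*", rule, re.S)
    if not m:
        raise ValueError("not a groupdn bind rule")
    prefix = "ldap:///"
    dns = []
    for part in m.group(1).replace('"', "").split("||"):
        part = part.strip()
        if not part.lower().startswith(prefix) or len(part) == len(prefix):
            raise ValueError(f"expected ldap:///dn, got {part!r}")
        dns.append(part[len(prefix):])
    return dns

def bind_rule_true(rule, bind_dn, groups=GROUPS):
    # Logical OR: true if the bind DN is a member of any named group.
    members = {normalize(g): {normalize(m) for m in ms}
               for g, ms in groups.items()}
    who = normalize(bind_dn)
    return any(who in members.get(normalize(g), set())
               for g in group_dns(rule))
```
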
Defining Role Access - roledn Keyword
Members of a specific role can access a targeted resource. This is known as role
access. Role access is defined using the roledn keyword to specify that access to a
targeted entry will be granted or denied if the user binds using a DN that belongs
to a specific role.
The roledn keyword requires one or more valid distinguished names in the
following format:
Chapter 6
Managing Access Control
Bind Rules
217